6232b625f4dfd0c254055f493901450b2c43679ee60a0d37ce0a336faccec51f

Analysis

max time kernel
147s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
14/03/2024, 06:21

Target

c7e84906ba0a5cfa77693cabe169fba8.dll
Size

366KB
MD5

c7e84906ba0a5cfa77693cabe169fba8
SHA1

8cf9cf54d84918c6aff61e2364e7471cf2ef7a2a
SHA256

6232b625f4dfd0c254055f493901450b2c43679ee60a0d37ce0a336faccec51f
SHA512

2ccc00777ed22544fdb1a1bb58ef27fc1a3ee359bf4875a29909712d5452a89c81997470206443b0b94125dfcd2799b5eac6b1bb618ce9295fa38bd37ab4bcb0
SSDEEP

6144:AdP0JjTvbxCXXdfv1rLXU4KoaC8jD7S+1j+TTwp0iZmbKqIkzCWY0+yyggDPKsQl:60lvbxCXXFvRL+7S8jIcpHmbo/0+Tgy8

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4048	572	WerFault.exe	97

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2260 wrote to memory of 4640	2260	rundll32.exe	95
PID 2260 wrote to memory of 4640	2260	rundll32.exe	95
PID 2260 wrote to memory of 4640	2260	rundll32.exe	95
PID 4640 wrote to memory of 572	4640	rundll32.exe	97
PID 4640 wrote to memory of 572	4640	rundll32.exe	97
PID 4640 wrote to memory of 572	4640	rundll32.exe	97

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c7e84906ba0a5cfa77693cabe169fba8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2260
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c7e84906ba0a5cfa77693cabe169fba8.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4640
- - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\c7e84906ba0a5cfa77693cabe169fba8.dll,#1
    3⤵
    PID:572
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 576
      4⤵
      Program crash
      PID:4048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 572 -ip 572
1⤵
PID:1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3276 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
1⤵
PID:3348